Support Azure OIDC testing #1127

veochen-octopus · 2023-09-13T05:04:24Z

This PR does 2 main things:

Adds the instance discovery endpoint so it can be tested from the server side.
Adds a mock test for the token exchange.

Also some minor code improvements I found along the way.

…g Assembly reference to a unique class

…ove token exchange from AzureScripting

…loy/Calamari into isaac/azure-oidc-auth

…point

…loy/Calamari into isaac/azure-oidc-auth

This reverts commit ddf9396.

veochen-octopus · 2023-09-22T01:40:46Z

source/Calamari.AzureScripting/Scripts/AzureContext.sh

@@ -44,7 +44,7 @@ function setup_context {

        if [ -n $Octopus_Open_Id_Jwt ]
        then
-          echo "Azure CLI: Authenticating with OpenID Connect Access Token"
+          echo "Azure CLI: Authenticating with OpenID Connect Federated Token"


Changing this to be consistent with the other messages.

veochen-octopus · 2023-09-22T01:41:54Z

...alamari.AzureWebApp/Integration/Websites/Publishing/ResourceManagerPublishProfileProvider.cs

+                ? await (account as AzureOidcAccount).GetAuthorizationToken(CancellationToken.None)
+                : await (account as AzureServicePrincipalAccount).GetAuthorizationToken();


Simplifies the method calls. Also makes it easier for the discovery endpoint to travel downstream.

This reverts commit 6cbe7bc.

IsaacCalligeros95 and others added 30 commits August 31, 2023 14:34

Initial cut of Azure OIDC auth in Calamari. (Untested, changes to come)

b60fc18

Update azure web app step

1e738e9

Update kubernetes steps to include azure oidc auth

e4a0376

Azure ResourceGroup

daba4a7

Moving token auth to Calamari

fe0b4ab

Add AzureContextScriptWrapper Assembly

416fab4

Update az creds call in azure scripts & change Calamari.AzureScriptin…

82d0afc

…g Assembly reference to a unique class

Update to use federated token auth flow in powershell scripts and rem…

9183ac2

…ove token exchange from AzureScripting

updating az cli call

b3131db

updating az cli

4cee080

Fix loginArgs

405033b

Fix tenantId param

77873fa

convert to secure string

49a927a

Plain access token

00a1aa9

Update scope

7a222d5

Update Azure Identity and ArmClient Creation

883ef3f

Update ClientOptions

0d487dd

Rename AssertionToken to IdToken

a17a36f

Updating management and AD endpoints handling

1f051ca

Bumping Azure.Management.Websites

0c0b7f4

cleaned up auth messages

31e0524

Merge branch 'isaac/azure-oidc-auth' of https://github.com/OctopusDep…

20c1762

…loy/Calamari into isaac/azure-oidc-auth

Consolidate Azure Accounts to CloudAccounts and update management end…

14b1cc4

…point

Update ManagementBaseUri settings

5817875

Updating Kubernetes auth

9d5089e

working AzureCLI login for k8s

448fff3

Merge branch 'isaac/azure-oidc-auth' of https://github.com/OctopusDep…

30a41b0

…loy/Calamari into isaac/azure-oidc-auth

Update AzureClient

f007a95

Add conditional discovery

2c4fc8d

Tidy up management endpoint

942cfd8

remove logging

80d6d1d

veochen-octopus force-pushed the veo/oidc-test branch from db676d1 to 80d6d1d Compare September 13, 2023 05:05

chore: initial changes to add oidc for aws

3bbe35e

Base automatically changed from isaac/azure-oidc-auth to master September 13, 2023 08:15

veochen-octopus and others added 12 commits September 14, 2023 09:25

use variable and only windows

ddf9396

Merge remote-tracking branch 'origin/master' into veo/oidc-test

0887440

Revert "use variable and only windows"

6d6dce8

This reverts commit ddf9396.

remove test

bb47288

chore: include oidc token when assuming role with web identity

7fb362b

revert deps

74903f7

Merge remote-tracking branch 'origin/master' into veo/oidc-test

30a0630

Merge remote-tracking branch 'origin/henrik/oidc/aws' into veo/oidc-test

b77a771

use variable, some clean up

40347f8

Merge remote-tracking branch 'origin/master' into veo/oidc-test

b90c61e

throw if no access token

b7ddd03

wording

a0ecc80

veochen-octopus changed the title ~~OIDC test~~ Support Azure OIDC testing Sep 22, 2023

veochen-octopus commented Sep 22, 2023

View reviewed changes

veochen-octopus added 4 commits September 22, 2023 13:43

simplify

8795349

revert change

d4227cd

unnecessary

604b27c

add wiremock test

b2380c9

veochen-octopus force-pushed the veo/oidc-test branch from c3e65df to b2380c9 Compare September 22, 2023 03:51

move to tests

eb8fe55

veochen-octopus marked this pull request as ready for review September 22, 2023 05:40

veochen-octopus added 2 commits September 25, 2023 09:55

trust root

2501ee3

de-static

6cbe7bc

veochen-octopus marked this pull request as draft November 7, 2023 20:17

Revert "de-static"

cd6e09b

This reverts commit 6cbe7bc.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Support Azure OIDC testing #1127

Support Azure OIDC testing #1127

veochen-octopus commented Sep 13, 2023 •

edited

veochen-octopus Sep 22, 2023

veochen-octopus Sep 22, 2023 •

edited

		? await (account as AzureOidcAccount).GetAuthorizationToken(CancellationToken.None)
		: await (account as AzureServicePrincipalAccount).GetAuthorizationToken();

Support Azure OIDC testing #1127

Are you sure you want to change the base?

Support Azure OIDC testing #1127

Conversation

veochen-octopus commented Sep 13, 2023 • edited

veochen-octopus Sep 22, 2023

Choose a reason for hiding this comment

veochen-octopus Sep 22, 2023 • edited

Choose a reason for hiding this comment

veochen-octopus commented Sep 13, 2023 •

edited

veochen-octopus Sep 22, 2023 •

edited